<?php
$root = $_SERVER['DOCUMENT_ROOT'];
include($root . "/util/session.php"); //checks that the user is logged in
include($root . "/util/privilege_check.php");
checkPrivilege("admin");
if ($_SERVER["REQUEST_METHOD"] == "POST") {
	$degreeID = mysqli_real_escape_string($db, $_POST['degreeID']);

	$sql_query = "select * from degrees where degreeID = '$degreeID'";
	$result = mysqli_query($db, $sql_query);
	//check if user exists
	if (mysqli_num_rows($result) != 0) {
		$error = "User exists";
	} else {
		$degreeName = mysqli_real_escape_string($db, $_POST['degreeName']);
		$description = mysqli_real_escape_string($db, $_POST['description']);
		$sql_query = "INSERT INTO `degrees` (`degreeID`, `degreeName`, `description`) VALUES ('$degreeID', '$degreeName', '$description')";
		$result = mysqli_query($db, $sql_query);
		if ($result) {
			header("Location: /admin/admin.php?msg=Degree added");
		} else {
			$error = "sql error";
		}
	}
}
?>

<head>
	<title>Add a degree</title>
	<link rel="stylesheet" type="text/css" href="adminStyle.css">
</head>
<?php
include($root . "/admin/header.php");
?>
<main>
	<html>

	<body>

		<li><a href="/admin/degreeList.php">Back</a></li>
		<form action="/admin/degreeAdd.php" method="post" id="degreeForm">
			<label for="degreeID">Degree ID:</label><br>
			<input type="text" id="degreeID" name="degreeID" required><br>
			<label for="degreeName">Degree Name:</label><br>
			<input type="text" id="degreeName" name="degreeName" required><br>
			<label for="description">Description:</label><br>
			<textarea rows="4" cols="50" name="description" id=description form="degreeForm"></textarea><br>
			<input type="submit" value="Add">
		</form>
		<div style="font-size:11px; color:#cc0000; margin-top:10px"><?php if (isset($error)) {
																		echo $error;
																	} ?></div>


	</body>

	</html>
</main>
<?php
include($root . "/admin/footer.php");
?>